package com.lee.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @Description TODO
 * @Author winston
 * @DateTime 2021/11/29
 */
@Configuration
public class OAuth2ResourceServerSecurityConfiguration extends WebSecurityConfigurerAdapter {

//	@Value("${spring.security.oauth2.resourceserver.opaque.introspection-uri}")
//	String introspectionUri;
//
//	@Value("${spring.security.oauth2.resourceserver.opaque.introspection-client-id}")
//	String clientId;
//
//	@Value("${spring.security.oauth2.resourceserver.opaque.introspection-client-secret}")
//	String clientSecret;


	@Override
	protected void configure(HttpSecurity http) throws Exception {

		// 调用授权服务器进行鉴权
//		http.authorizeRequests()
//				.anyRequest().authenticated()
//				.and()
//				// 向Spring security 过滤器中添加一个BearerTokenAuthenticationFilter过滤器
//				.oauth2ResourceServer().opaqueToken()
//				.introspectionUri(introspectionUri)
//				.introspectionClientCredentials(clientId, clientSecret);

		// 直接向授权服务器拿公钥验证
		http.authorizeRequests()
				.anyRequest().authenticated()
				.and()
				.oauth2ResourceServer().jwt()
				.jwkSetUri("http://auth.javaboy.org:8881/oauth2/keys");
	}
}
